A recent report by the US Government Accountability Office (GAO) highlights the progress made by US federal agencies in preparing for and responding to cyber threats. However, the report also points out that many agencies have not met the federal requirements for event logging, which is crucial for detecting, investigating, and remedying cyber threats [2] [3] [4]. This article examines the findings of the report and discusses the challenges faced by federal agencies in enhancing their cybersecurity capabilities.

Description

The GAO report reveals that as of August 2023, only three out of the 23 agencies have reached the advanced (tier 3) level for event logging, while the remaining agencies are at the basic (tier 1) or not effective (tier 0) levels [2]. This indicates a significant gap in meeting the necessary standards for event logging. The report emphasizes the importance of fully implementing event logging requirements to enhance the government’s cybersecurity capabilities [3].

In addition to the event logging challenges, federal agencies are also grappling with a lack of staff, technical difficulties in event logging [1], and limitations in cyber threat information sharing [1] [3]. However, efforts have been initiated to address these challenges. All 23 agencies are incorporating the US Cybersecurity and Infrastructure Security Agency (CISA) playbook and have completed preparation phase activities, including the deployment of an endpoint detection and response solution. Furthermore, federal agencies are working on long-term efforts, such as the implementation of the National Workforce and Education Strategy and a new threat intelligence platform from CISA [4].

To further improve their cybersecurity capabilities, the GAO report suggests that federal agencies can benefit from onsite cyber incident response assistance from CISA, event logging workshops and guidance [4], and enhancements to a cyber threat information-sharing platform [4]. These measures will help federal agencies enhance their ability to respond to cyber attacks and strengthen their overall cybersecurity posture.

The GAO report also highlights that 20 out of 23 federal agencies have not met requirements for investigation and remediation capabilities in response to cybersecurity incidents. The report emphasizes the importance of implementing event logging requirements to enhance the government’s ability to detect, investigate, and remediate cyber threats [2] [3] [4]. It further underscores the need for effective information security in light of increasingly sophisticated threats and frequent cyber incidents [3], such as the SolarWinds and Colonial Pipeline attacks [3]. The report also mentions three major incidents involving personally identifiable information at the Departments of Agriculture [3], Education [3] [4], and the Treasury [3], underscoring the need for better preparedness [3].

Conclusion

The GAO report sheds light on the challenges faced by federal agencies in meeting the federal requirements for event logging and investigation and remediation capabilities. These challenges [1] [3] [4], including a lack of staff, technical difficulties [1], and limitations in cyber threat information sharing [1] [3], hinder agencies’ abilities to respond effectively to cybersecurity incidents [3]. However, the report also highlights the efforts made by federal agencies to overcome these challenges, such as incorporating the CISA playbook and implementing long-term strategies.

Moving forward, it is crucial for federal agencies to fully implement event logging requirements and enhance their cybersecurity capabilities. Onsite cyber incident response assistance from CISA [4], event logging workshops and guidance [4], and improvements to the cyber threat information-sharing platform are recommended measures to strengthen agencies’ ability to respond to cyber attacks. By addressing these challenges and implementing the necessary measures, federal agencies can better protect against cyber threats and ensure the security of critical government systems and information.

References

[1] https://insidecybersecurity.com/daily-news/government-accountability-office-evaluates-agency-efforts-put-place-internal-cyber
[2] https://www.gao.gov/prerelease/k74n
[3] https://www.businessinsurance.com/article/20231204/NEWS06/912361392/Many-federal-agencies-not-prepared-to-respond-to-cyber-incidents-GAO-
[4] https://www.infosecurity-magazine.com/news/us-agencies-miss-deadline-incident/